OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that’s specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. “The progressive… Read More »OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the… Read More »New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories… Read More »AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel… Read More »Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta.… Read More »Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by… Read More »Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal… Read More »108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities… Read More »CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries… Read More »ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modified version of BX RAT,… Read More »JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025